Troubleshoot the Remote Access VPN Identity Source

  • For other related troubleshooting information, see Troubleshoot Realms and User Downloads, Troubleshoot User Control, and VPN Troubleshooting.

  • If you experience issues with Remote Access VPN, check the connection between your Cisco Defense Orchestrator and a managed device. If the connection fails, all Remote Access VPN logins reported by the device cannot be identified during the downtime, unless the users were previously seen and downloaded to the Cisco Defense Orchestrator.

    The unidentified users are logged as Unknown users on the Cisco Defense Orchestrator. After the downtime, the Unknown users are re-identified and processed according to the rules in your identity policy.

  • The host name of the managed device must be less than 15 characters for Kerberos authentication to succeed.

  • Active FTP sessions are displayed as the Unknown user in events. This is normal because, in active FTP, the server (not the client) initiates the connection and the FTP server should not have an associated user name. For more information about active FTP, see RFC 959.